Hello Organizers, Seems I sent this to the wrong place, so please forgive the delay. I hope you can still consider my proposal, and hope even more to be able to participate in the conference this year. It would be great to see you again. -------- START OF PRESENTATION -------- EXPLORING 802.11 IMPERSONATION ATTACKS This presentation is relevant to all computers with 802.11 wireless stacks, but is custom tailored to the default wifi (802.11) configuration of a OpenSUSE 13.1 installation. PREMISE OS vendors are not defending against wireless attackers with all tools at their disposal. In this presentation we examine the weaknesses in question and explore alternative wifi components and and configurations. INTRODUCTION The proposal begins with definitions of wireless network types, one of which is 802.11 and the breakdown of the 802.11 standard. Management frames like beacons, probe requests, and probe replies are explained. The sequence of events across a wireless landscape full of nodes is described, and select use cases are illustrated for later demonstration. OPENSUSE ARCHITECTURE OpenSUSE's network architecture is reviewed on a high level, exploring the components relevant to proactive defense measures of wifi attacks. OpenSUSE components like Net-tools, Wireless-tools, Yast-network, Networkmanager, IPRoute, and Sysconfig-network (along with their configuration files) are quickly explained. DEEPER INSPECTION To help in understanding attacks, a deeper inspection of the trust models used by typical wireless stacks (of a few different OS vendors) are contrasted with OpenSUSE's behaviour. We consider the extent of damage if this trust is abused and begin to wander down the road to attack and defense strategy. LIVE DEMONSTRATION Early in the presentation a live demonstration illustrates the embarassingly easy attack types on our prepared wireless test network. We carry out deauth DoS, ARP cache poisoning, DNS spoof, MITM, passive data capture (with rainbow analysis and resulting identity theft), and active attacks with malicious code injection. Delegates in the audience are invited to put their computers' wifi interfaces in monitor mode to follow along the attacks and see on their own screens what malicious packets look like in Wireshark. LESSONS LEARNED (MORAL TO THE STORY) Simple defense recommendations are made from a: End user perspective Core/Kernel developer perspective Application developer perspective Service provider perspective OS vendor/OEM perspective INDUSTRIAL ACTION A review of work by groups like the author of Kismet and Blackphone is mentioned as well as consideration of the path to porting for OpenSUSE. FUNNY TIME A one minute hollywood film excerpt serves to relieve delegates and land a happy ending to the presentation (like eating fresh fruit after a heavy meal.) -------- END OF PRESENTATION -------- ...I just did a shorter version of this lecture at the Mobile World Congress in Barcelona, where it met with interest from delegates. I think quite a few OpenSUSE people know me already, but just in case here's my bio: -------- Start biography -------- Michael Schloh von Bennewitz is a computer scientist specializing in network software, mobile computing, and client server design. Responsible for research, development, and maintenance of packages in several community software repositories, Michael actively contributes to the Opensource development community. Fluent in four languages, he speaks at technical events every year. He has presented for groups including Cable & Wireless, Nokia, the Linux Foundation, and Mobile World Congress. Michael's speaking style is humerous and his presentations are published in SVG or HTML5. Additional information is found at http://michael.schloh.com/ -------- End biography -------- For an example presentation I've given in the past, please see: http://dev.europalab.com/tizportdev/ ...use the arrow keys to advance the slide deck. Lastly, to see publications for the last oSC conference I attended, please visit my news service (don't call it a blog): http://etrends.europalab.com/ http://etrends.europalab.com/content/opensuse-conference-praha/ Hope you like my proposal enough to let it in the last minute. If accepted, I would like to respectfully request travel assistance from Germany. Hope to see you in Croatia! Cheers, Michael -- Michael Schloh von Bennewitz Software Development Engineer Europalab Networks R&D, Munich Office: +49(89)44239885 UTC+1 Mobile: Same as 'Office' VoIP: sips:michael@schloh.com Web: http://michael.schloh.com/